CVE-2008-6123

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.openwall.com/lists/oss-security/2009/02/12/2", "name": "[oss-security] 20090212 CVE Request -- net-snmp (sensitive host information disclosure)", "tags": ["Mailing List"], "refsource": "MLIST"}, {"url": "http://net-snmp.svn.sourceforge.net/viewvc/net-snmp/trunk/net-snmp/snmplib/snmpUDPDomain.c?r1=17325&r2=17367&pathrev=17367", "name": "http://net-snmp.svn.sourceforge.net/viewvc/net-snmp/trunk/net-snmp/snmplib/snmpUDPDomain.c?r1=17325&r2=17367&pathrev=17367", "tags": ["Product"], "refsource": "MISC"}, {"url": "http://net-snmp.svn.sourceforge.net/viewvc/net-snmp?view=rev&revision=17367", "name": "http://net-snmp.svn.sourceforge.net/viewvc/net-snmp?view=rev&revision=17367", "tags": ["Product"], "refsource": "CONFIRM"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=485211", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=485211", "tags": ["Issue Tracking", "Patch"], "refsource": "CONFIRM"}, {"url": "http://www.openwall.com/lists/oss-security/2009/02/12/4", "name": "[oss-security] Re: 20090212 CVE Request -- net-snmp (sensitive host information disclosure)", "tags": ["Mailing List"], "refsource": "MLIST"}, {"url": "http://bugs.gentoo.org/show_bug.cgi?id=250429", "name": "http://bugs.gentoo.org/show_bug.cgi?id=250429", "tags": ["Exploit", "Issue Tracking"], "refsource": "CONFIRM"}, {"url": "http://www.openwall.com/lists/oss-security/2009/02/12/7", "name": "[oss-security] 20090212 Re: CVE Request -- net-snmp (sensitive host information disclosure)", "tags": ["Mailing List"], "refsource": "MLIST"}, {"url": "http://www.securitytracker.com/id?1021921", "name": "1021921", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "refsource": "SECTRACK"}, {"url": "http://www.redhat.com/support/errata/RHSA-2009-0295.html", "name": "RHSA-2009:0295", "tags": ["Not Applicable"], "refsource": "REDHAT"}, {"url": "http://secunia.com/advisories/34499", "name": "34499", "tags": ["Broken Link"], "refsource": "SECUNIA"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html", "name": "SUSE-SR:2009:011", "tags": ["Mailing List"], "refsource": "SUSE"}, {"url": "http://secunia.com/advisories/35416", "name": "35416", "tags": ["Broken Link"], "refsource": "SECUNIA"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html", "name": "SUSE-SR:2009:012", "tags": ["Mailing List"], "refsource": "SUSE"}, {"url": "http://secunia.com/advisories/35685", "name": "35685", "tags": ["Broken Link"], "refsource": "SECUNIA"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00003.html", "name": "SUSE-SR:2010:003", "tags": ["Mailing List"], "refsource": "SUSE"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10289", "name": "oval:org.mitre.oval:def:10289", "tags": ["Broken Link"], "refsource": "OVAL"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The netsnmp_udp_fmtaddr function (snmplib/snmpUDPDomain.c) in net-snmp 5.0.9 through 5.4.2.1, when using TCP wrappers for client authorization, does not properly parse hosts.allow rules, which allows remote attackers to bypass intended access restrictions and execute SNMP queries, related to \"source/destination IP address confusion.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-863"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2008-6123", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2009-02-12T16:30Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:net-snmp:net-snmp:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "5.4.2.1", "versionStartIncluding": "5.0.9"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise:9-11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:opensuse:opensuse:10.3-11.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2024-01-12T20:41Z"}